encoding/asn1: roll back CL 16517? #13563
Comments
keyczar wants to accept bogus encodings?
/cc @agl
It's not bogus, it's just non-minimal. I have an email thread going with the author.
Okay, please summarize what you find out. Because I thought ASN.1 was DER and DER was the minimal-form-required version of BER, which I guess isn't the full story.
Could this be related to a bug we have after upgrading from 1.4 to 1.5:
this ... http://play.golang.org/p/U6pTR1oC1m works in 1.4
FYI. Whilst this is changed behaviour from 1.4 - 1.5 it has shown up the fact that one of our systems is generating 'bad' PK's. We can condition the []byte, and fix the culprit, so can move forward. In our case there would be no compelling argument to revert the stricter 1.5. If this is not the same issue then apologies.
@danmux, this issue is about something that changed since 1.5. You may be seeing something in 1.5 different from 1.4 but it's not this. I'd still be interested to hear more about your problem if you'd like to file a new issue. If you can describe the condition you use to detect the issue that might be enough, but of course code is nicer. :-) Thanks.
ok thanks, ftr.. #13580 and happy for you to delete my polluting comments in here.
After discussion, the plan is to eliminate that keyczar test. The test cared more that the code didn't crash than that it accepted the signature in question. So we do not need to roll back CL 16517.
This CL broke a test at Google in the Go port of keyczar. The test vectors check that signatures with non-minimal integer encodings are still accepted, and after CL 16517 they are not. We need to decide whether to roll back the CL or declare that that usage is not important.
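
The behaviour discussed in this issue, as an added example that is not part of the original thread, keyczar, or the Go project's own code: a two-integer signature structure decoded with `encoding/asn1`, once with minimal INTEGER encodings and once with a padded one. It assumes a Go release that includes CL 16517; the `sig` type, the function names and the byte strings are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// isMinimalInteger applies the DER rule to the content octets of an INTEGER:
// with more than one octet, the first nine bits must not be all 0 or all 1.
func isMinimalInteger(content []byte) bool {
	switch {
	case len(content) == 0:
		return false // an INTEGER needs at least one content octet
	case len(content) == 1:
		return true
	case content[0] == 0x00 && content[1]&0x80 == 0:
		return false // redundant leading 0x00 on a non-negative value
	case content[0] == 0xff && content[1]&0x80 != 0:
		return false // redundant leading 0xff on a negative value
	}
	return true
}

// sig is a hypothetical SEQUENCE { r INTEGER, s INTEGER } signature layout.
type sig struct{ R, S *big.Int }

// parseSig decodes a signature and also refuses trailing bytes after it.
func parseSig(der []byte) (*sig, error) {
	var s sig
	rest, err := asn1.Unmarshal(der, &s)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing data after signature")
	}
	return &s, nil
}

// Constructed inputs: both carry r=1, s=2; paddedSig encodes r as 00 01.
var (
	minimalSig = []byte{0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02}
	paddedSig  = []byte{0x30, 0x07, 0x02, 0x02, 0x00, 0x01, 0x02, 0x01, 0x02}
)

func main() {
	for _, der := range [][]byte{minimalSig, paddedSig} {
		_, err := parseSig(der)
		fmt.Printf("% x -> err=%v\n", der, err)
	}
}
```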